Month: April 2024

Frank Thorp V, Sahil Kapur and Ryan Nobles, NBC News:

The Senate voted to reauthorize a powerful surveillance tool the U.S. government describes as critical to combating terrorism, after defeating efforts by civil liberties advocates on the left and right to rein it in.

The vote of 60-34 sends the bill to President Joe Biden, who has championed it. The legislation extends Section 702 of the Foreign Intelligence Surveillance Act, or FISA, for two more years.

Contrary to the New York Times’ framing last year, the nay votes were hardly a picture of the “far-right”. Dissenters were almost a 50–50 split between Republicans and Democrats, with slightly more of the latter. Sadly, even with some long-overdue Republican support, the nay votes did not “imperil” this capability.

Marc Zwillinger, Steve Lane, and Jacob Sommer, of the ZwillGen law firm, on an amendment which will compel more providers to turn over records:

The new amendment is a marginal improvement over the last go-around, but it is still problematic. It is not a change that “narrowly updates the definition of electronic communication service provider under Section 702.” Like the FRRA, it: (1) drops the qualifier “communication” from the class of covered “service providers;” (2) makes access to communications-carrying equipment enough to establish eligibility; and (3) adds “custodian” to the list of individuals who can be forced to provide assistance. But unlike the FRRA, it then enumerates a list of business types that cannot be considered ECSPs, including public accommodations, dwellings, restaurants, and community facilities.

The White House is thrilled.

American readers, if you need cheering up, do note the House of Representatives passed the Fourth Amendment is Not For Sale Act.

John Gruber, in 2020:

Just because there is now a multi-billion-dollar industry based on the abject betrayal of our privacy doesn’t mean the sociopaths who built it have any right whatsoever to continue getting away with it. They talk in circles but their argument boils down to entitlement: they think our privacy is theirs for the taking because they’ve been getting away with taking it without our knowledge, and it is valuable. No action Apple can take against the tracking industry is too strong.

Ian Betteridge contrasted this view against one of Gruber’s recent articles, in which his stance appears to have softened on the seriousness of tracking:

I wonder what happened to turn John’s attitude from “no action Apple can take against the tracking industry is too strong” to defending Facebook’s “right” to choose how it invades people’s privacy? Or is he suggesting that a private company is entitled to defend people’s privacy, but governments are not?

To put it another way, should people have an expectation of how private information is used and collected, or should that be wildly different depending on which companies they interact with? Is the status quo of handling private data in the U.S. the optimal legal balance?

John Gruber, responding:

I’ve seen a bit of pushback along this line recently, more or less asking: How come I was against Meta’s tracking but now seem for it? I don’t see any contradiction or change in my position though. The only thing I’d change in the 2020 piece Betteridge quotes is this sentence, which Betteridge emphasizes: “No action Apple can take against the tracking industry is too strong.” I should have inserted an adjective before “tracking” — it’s non-consensual tracking I object to, especially tracking that’s downright surreptitious. Not tracking in and of itself.

Given my review of Byron Tau’s new book, you might expect me to wholly disagree with the idea that anyone can provide consent. I do not — in theory. But in practice and in most circumstances right now, it probably is impossible for users to provide meaningful consent to all of the digital products and services they use.

Consider what full informed consent looks like for Facebook — and just Facebook. One would need to indicate they have read and understood each section of its simplified privacy policy, not just tick the blanket “I Agree” box, or permit it using the App Tracking Transparency dialog. Facebook should show exactly what it is collecting and how it is using this information. Every time a policy changes, Facebook should get an affirmative agreement, too, from each user; none of this “by continuing to use the product, you indicate your agreement” nonsense.

And this is just Facebook. Imagine that across all your accounts everywhere. We have a taste of that on the web with cookie consent panels, and on iOS with the myriad dialogs thrown by app features like accessing your contacts. A typical camera app will likely ask you for four different permissions out of the gate: camera, microphone, photo library, and location access. Adding yet more consents and dialog boxes is hardly an effective solution.

Meta is probably one of the more agreeable players in this racket, too. It hoards data; it does not share much of it. And it has a brand to protect. Data brokers are far worse because nobody knows who they are or what they collect, share, and merge. Scale the informed consent model above across all data brokers you interact with, in each app or website you use. As an example, Het Laatste Nieuws, a popular Dutch-language news site in Belgium, shows in its cookie consent dialog it has over one hundred advertising partners, among the lowest numbers I have seen. (For comparison, Le Monde has over five hundred.) True consent requires you to understand those privacy policies, too. What does Nexxen collect? Which other websites, apps, or products do you use which also partner with Nexxen? Can you find Nexxen in HLN’s partner list? (Probably not — the privacy policies for the first three advertisers I was going to use as an example in that sentence returned 404 errors, and I only found Nexxen because I clicked on the policy for Unruly, which rebranded last year.)

This is a mess from the perspective of users and site operators. A core principle of informed consent is an understanding of risk. Are people presented with adequate information about the risks of accepting tracking? No, not really. Meanwhile, website owners do not want to interrupt visitors with cookie consent forms; they want to interrupt them with email newsletter sign-up forms. Nobody wants to manage a vast database of specific consent agreements.

Gruber is reacting to a draft decision (PDF) by the European Data Protection Board — specifically:

It has to be concluded that, in most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee.

The EDPB’s justification for this is based largely on similar arguments to those I have made above, though it limits the scope of this decision to platforms of gatekeeper scale for similar interconnected rationales as it has used to define those platforms’ unique responsibilities. Interestingly, the EDPB says the mere existence of a fee at all is enough to question whether there is a truly free choice when a no-cost option is also available. It seems to want a third way: no behaviourally informed advertising, at no financial cost to users.

I am not sure there is a good reason to limit restrictions on the use of behavioural advertising to gatekeepers. There need to be stricter controls around tracking so that users may have informed consent, regardless of whether it is a corporate behemoth, a news publisher, or a weather app. If we want informed consent, we should have it, but the status quo is a poor excuse for truly informed, truly free consent.

Victoria Song, the Verge:

I became the family Chewbacca. Family would speak to me in Korean, I’d reply back in English — and vice versa. Later, I started learning Japanese because that’s what public school offered and my grandparents were fluent. Eventually, my family became adept at speaking a pidgin of English, Korean, and Japanese.

This arrangement was less than ideal but workable. That is until both of my parents were diagnosed with incurable, degenerative neurological diseases. My father had Parkinson’s disease and Alzheimer’s disease. My mom had bulbar amyotrophic lateral sclerosis (ALS) and frontotemporal dementia (FTD). Their English, a language they studied for decades, evaporated.

This is one of those heartbreaking essays that will sit with me for a long time. It is nominally about how Humane’s wearable gadget struggled with translation features, but it is so much greater, as you can surmise from the quote.

After I linked to Josh Dzieza’s long report about subsea cable repair, I got an email from Joshua Ochs who pointed me to Neal Stephenson’s 1996 essay, published in Wired, about the laying of the FLAG cable.

There is some poetry here. The only way I read that original article, published it, and then received that email is because of all of this infrastructure. I may be writing this on a laptop with no wires coming out of it, but that is not really how I am connected to the internet. Instead, one cable after another has carried my bytes.

If you have not read it before, I think you should set aside some time for it. But do note: it is over forty thousand words. You should still read it. Also, there are parts of it which have not aged well — from predictable cultural perspectives, to a comparison made of the demise of the Library of Alexandria which will make you double-take the dateline. And I recommend spending time with the whole thing because it is amazing.

Tim Maly, writing for Nieman fifteen years after its publication:

The dot-com world’s dangerously myopic narcissism was visible to those with the right kind of eyes, and “Mother Earth Mother Board” is 42,535 words of emergency optical surgery. Stephenson wants to show you that everything’s been done before, only crazier.

The essay is apparently a legendary work but, as with so many critically lauded things, it escaped my field of view. If you have time this weekend, do not let it escape yours.

Mediana, Benediktus Krisna Yogatama, Mawar Kusuma Wulan, Kompas (as translated by Safari):

Indonesia is a destination country visited by the boss of the technology giant company Tim Cook, CEO of Apple, and Satya Nadella, CEO of Microsoft. The second visit has been announced by the Minister of Communication and Information Budi Arie Setiadi since mid-March 2024.


Apple has an obligation to build four [developer] academies, namely in Bali, Batam, Surabaya, and South Tangerang. The total investment value reaches Rp 1.6 trillion.


Regarding the construction of the factory, Agus said that his party would encourage it because Indonesia already has a factory of cell phone components such as batteries or cables, so that Apple can use domestic products.

I saw a few conspicuous cars waiting at the VIP terminal of Jakarta’s smaller airport yesterday. Turns out the private jet carrying the Apple entourage arrived just a few minutes after my discount flight took off. Practically rubbing shoulders over here.

Anyway, that tipped me off to the plane’s tail number and, based on its path this evening — local time — Cook and company have just landed in Singapore. It seems plausible to me Cook could also visit Malaysia to open the country’s first Apple Store, which looked close to finished last month. Thanks to Just Another Rakyat for that tip.

Meanwhile, Apple and Epic Games are fighting again, this time in a court in Melbourne. Perhaps Cook is also on his way to participate in that. There sure is a lot going on in Southeast Asia and Australia right now.

Update: Well my guesses were completely wrong about Cook’s schedule. After Singapore, he went back to California.

The new A.I. Pin from Humane is, according to those who have used one, bad. Even if you accept the premise of wearing a smart speaker and use it to do a bunch of the stuff for which you used to rely on your phone, it is not good at those things — again, according to those who have used one, and I have not. Why is it apparently controversial to say that with intention?

Cherlynn Low, of Engadget, “cannot recommend anyone spend this much money for the one or two things it does adequately”. David Pierce, of the Verge, says it is “so thoroughly unfinished and so totally broken in so many unacceptable ways”. Arun Maini said the “total amount of effort required to perform any given action is just higher with the Pin”. Raymond Wong, of Inverse, wrote the most optimistic review of all those I saw but, after needing a factory reset of his review unit and then a wind gust blowing it off his shirt, it sounds like he is only convinced by the prospect of future versions, not the “textbook […] first-generation product” he is actually using.

It was Marques Brownlee’s blunt review title — “The Worst Product I’ve Ever Reviewed… For Now” — which caught the attention of a moderately popular Twitter user. The review itself was more like Wong’s, seeing some promise in the concept while dismissing this implementation, but the tweet itself courted controversy. Is the role of a reviewer to be kind to businesses even if their products suck, or is it to be honest?

I do not think it makes sense to dwell on an individual tweet. What is more interesting to me is how generous all of the reviewers have been so far, even while reaching such bleak conclusions. Despite having a list of cons including “unreliable”, and “slow”, and Low saying she burned herself “several times” because it was so hot, Engadget still gave it a score of 50 out of 100. The Verge gave it a 4 out of 10, and compared the product’s reception to that of the “dumpster fire” Nexus Q of 2012, which it gave a score of 5 out of 10.

That last review is a relevant historic artifact. The Nexus Q was a $300 audio and video receiver which users would, in theory, connect to a television or a Hi-Fi speaker system. It was controlled through software on an Android phone, and its standout feature was collaborative playlists. But the Verge found it had “connectivity problems” with different phones and different Nexus Q review units, videos looked “noticeably poor”, it was under-featured, and different friends adding music to the playback queue worked badly. Aside from the pretty hardware, there simply was no there there, and it was canned before a wide release.

But that was from Google, an established global corporation. Humane may have plenty of ex-Apple staff and lots of venture capital money, but it is still a new company. I have no problem grading on a reasonable curve. But how in the world is Humane getting 40% or 50% of a perfect grade when every reviewer seems to think this product is bad and advises people not to buy one?

Even so, all of them seem compelled to give it the kind of tepid score you would expect for something that is flawed, but not a disaster. Some of the problems do not seem to be a direct fault of Humane; they are a consequence of the technological order. But that does not justify spending $700 plus a $24 per month subscription which you will need to keep paying in perpetuity to prevent your A.I. Pin from becoming a fridge magnet.

Maybe this is just a problem with trying to assign numerical scores. I have repeatedly complained about this because I think it gives mixed messages. What people need to know is whether something is worth buying, which consists of two factors: whether it addresses an actual problem, and whether it is effective at solving that problem. It appears the answer to the first is “maybe”, and the answer to the second is “hell no”. It does not matter how nice the hardware may be, or how interesting the laser projecting screen is. It apparently burns you while you barely use it.

In that light, giving this product even a tepid score is misleading. It is not respectful of potential buyers nor of the team which helped make it. It seems there are many smart people at Humane who thought they had a very good idea, and many people were intrigued. If a reviewer’s experience was poor, it is not cruel for them to be honest and say that it is, in a word, bad.

Katie Notopoulos, Business Insider:

But then there’s the other, more existential argument against phones: We are spending all our free moments with a screen shoved in our faces, mindlessly scrolling for dopamine and ignoring the world around us. Time spent on your phone is bad; time spent doing anything else is good.

This argument I just can’t get on board with. I love mindless scrolling; I find it immensely enjoyable. I love flipping through TikTok, browsing tweets, poking around Reddit. I’ll pop into the group chat. Maybe if I have some extra time, I’ll go to my happy place and watch some movie trailers on YouTube.

I thought this was a good rebuttal to the seemingly constant moral panic over how much we use screens. Notopoulos is careful to disclaim she is writing as an adult “with a fully formed frontal lobe” and this advice probably does not apply in the same way to children.

I do not think we should consider this kind of debate settled one way or another. I think it is reasonable to ask whether it is a good idea for everybody to carry everywhere a slot machine for their feelings. Social media platforms are incentivized to increase time spent and user retention, which they can juice by making nicer products and through sneaky design patterns. It seems like grounds to worry about phone use if it is impacting other aspects of one’s life, like if they are forgetting to take care of themselves or do household tasks because they spend so much time on their phone.

But if you are reading on your phone instead of reading a newspaper, or watching a YouTube video instead of watching a show on TV, what are you actually doing differently? Those seem like interchangeable activities.

Omer Benjakob and Eliza Triantafillou, Haaretz:

According to the documents, in 2022 Intellexa presented a proof of concept for a system called Aladdin that enables the remote infection of a specific mobile telephone device through online advertisements. This is the first time it has been revealed that a company outside of Israel has developed such a spyware tool – which was considered the cutting edge of Israel’s offensive cyber. At that time, in Israel, the Defense Ministry was actively working to prevent Israeli companies from marketing identical spyware tools abroad.


It is not known what happened to Aladdin. It is possible it was never developed or if it was, if it was ever actually sold. Adint systems are considered extremely complicated to develop and maintain over time, and it is not clear if Intellexa moved ahead with trying to develop it into a working product and if they ever pitched it or sold it.

This was described by Intellexa as a near zero-click solution, in that it only requires someone to be using a web browser for their device to be affected; it does not require someone to tap on an ad. iPhones were apparently not affected by this zero-click ad infection capability, and required at least one tap, but that is barely comforting considering how frequently I accidentally tap on ads in third-party apps on my iPhone.[1]

Via Zack Whittaker, TechCrunch:

Online ads help website owners, including this one, generate revenue. But online ad exchanges can be abused to push malicious code to a target’s device.


While no phone or computer can ever be completely unhackable, ad blockers can be effective in stopping malvertising and ad-based malware before it ever hits the browser.

The technology described by Haaretz is clearly among the most cutting edge and it seems unlikely any random person would be caught in its net. The whole point, after all, is specific and targeted malware delivery — something which, as with surveillance, is possible thanks to the way online advertising works. While there are many ad blockers available for browsers, including site sponsor Magic Lasso, there are no user-friendly answers for in-app ads on iOS, many of which use the same networks and technologies as those in browsers. This is an unfortunate limitation of the way iOS works.

  1. This is not really the point of this post, but it seems like something changed a few major iOS versions ago and I now find myself accidentally tapping way more often. This is especially noticeable when I am just trying to stop an in-progress scroll.

Josh Dzieza, the Verge:

[…] It’s a truism that people don’t think about infrastructure until it breaks, but they tend not to think about the fixing of it, either. In his 2014 essay, “Rethinking Repair,” professor of information science Steven Jackson argued that contemporary thinking about technology romanticizes moments of invention over the ongoing work of maintenance, though it is equally important to the deployment of functional technology in the world. There are few better examples than the subsea cable industry, which, for over a century, has been so effective at quickly fixing faults that the public has rarely had a chance to notice. Or as one industry veteran put it, “We are one of the best-kept secrets in the world, because things just work.”

I bet this essay appears on a good many “best of” lists at the end of the year. It is tremendous. Necessary reporting, well told and richly illustrated. Normally, I find these kinds of high production value presentations more distracting than they are helpful, but this is exactly the opposite. A wonderful exploration of the kind of quiet profession that makes core parts of life possible for everybody else.

Eric Geller, Wired:

Microsoft’s almost untouchable position is the result of several intermingling factors. It is by far the US government’s most important technology supplier, powering computers, document drafting, and email conversations everywhere from the Pentagon to the State Department to the FBI. It is a critical partner in the government’s cyberdefense initiatives, with almost unparalleled insights about hackers’ activities and sweeping capabilities to disrupt their operations. And its executives and lobbyists have relentlessly marketed the company as a leading force for a digitally safer world.

While one part of Microsoft is busy creating headlines for imminent A.I.-powered election propaganda on behalf of the Chinese government, another is failing to protect its own systems from breaches allegedly by Chinese state groups. This is not solely a U.S. problem, either; lots of governments worldwide rely on Microsoft’s products and services.

Daniel Parris:

Reading these studies proved an existential body blow because I am 31, apparently on the precipice of becoming a musical dinosaur. I like to think I’m special — that my high-minded dedication to culture makes me an exceptionally unique snowflake — but apparently I’m just like everybody else. I turned 30, and now I’m in a musical rut, content to have an AI bot DJ pacify me with the songs of my youth.

Patterns like these seem to be everywhere. Our learning capabilities fossilize, and everything from music to food to society begins to feel uncomfortable. It seems important, I think, for us to fight that tendency for ourselves and be willing to embrace new and different things. Music seems like as good a place as any to start. Keep trying new stuff.

Update: Only slightly related but just read, Lydia Davis’ “How He Changed Over Time”.

In the 1970s and 1980s, in-house researchers at Exxon began to understand how crude oil and its derivatives were leading to environmental devastation. They were among the first to comprehensively connect the use of their company’s core products to the warming of the Earth, and they predicted some of the harms which would result. But their research was treated as mere suggestion by Exxon because the effects of obvious legislation would “alter profoundly the strategic direction of the energy industry”. It would be a business nightmare.

Forty years later, the world has concluded its warmest year in recorded history by starting another. Perhaps we would have been more able to act if businesses like Exxon equivocated less all these years. Instead, they publicly created confusion and minimized lawmakers’ knowledge. The continued success of their industry lay in keeping these secrets.

“The success lies in the secrecy” is a shibboleth of the private surveillance industry, as described in Byron Tau’s new book, “Means of Control”. It is easy to find parallels to my opening anecdote throughout though, to be clear, a direct comparison to human-led ecological destruction is a knowingly exaggerated metaphor. The erosion of privacy and civil liberties is horrifying in its own right, and shares key attributes: those in the industry knew what they were doing and allowed it to persist because it was lucrative and, in a post-9/11 landscape, ostensibly justified.

Tau’s byline is likely familiar to anyone interested in online privacy. For several years at the Wall Street Journal, he produced dozens of deeply reported articles about the intertwined businesses of online advertising, smartphone software, data brokers, and intelligence agencies. Tau no longer writes for the Journal, but “Means of Control” is an expansion of that earlier work and carefully arranged into a coherent set of stories.

Tau’s book, like so many others describing the current state of surveillance, begins with the terrorist attacks of September 11, 2001. These were the early days, when Acxiom realized it could connect its consumer data set to flight and passport records. The U.S. government ate it up and its appetite proved insatiable. Tau documents the growth of an industry that did not exist — could not exist — before the invention of electronic transactions, targeted advertising, virtually limitless digital storage, and near-universal smartphone use. This rapid transformation occurred not only with little regulatory oversight, but with government encouragement, including through investments in startups like Dataminr, GeoIQ, PlaceIQ, and PlanetRisk.

In near-chronological order, Tau tells the stories which have defined this era. Remember when documentation released by Edward Snowden showed how data created by mobile ad networks was being used by intelligence services? Or how a group of Colorado Catholics bought up location data for outing priests who used gay-targeted dating apps? Or how a defence contractor quietly operates nContext, an adtech firm, which permits the U.S. intelligence apparatus to effectively wiretap the global digital ad market? Regarding the latter, Tau writes of a meeting he had with a source who showed him a “list of all of the advertising exchanges that America’s intelligence agencies had access to”, and who told him American adversaries were doing the exact same thing.

What impresses most about this book is not the volume of specific incidents — though it certainly delivers on that front — but the way they are all woven together into a broader narrative perhaps best summarized by Tau himself: “classified does not mean better”. That can be true for volume and variety, and it is also true for the relative ease with which it is available. Tracking someone halfway around the world no longer requires flying people in or even paying off people on the ground. Someone in a Virginia office park can just make that happen and likely so, too, can other someones in Moscow and Sydney and Pyongyang and Ottawa, all powered by data from companies based in friendly and hostile nations alike.

The tension running through Tau’s book is in the compromise I feel he attempts to strike between acknowledging the national security utility of a surveillance state while describing how the U.S. has abdicated the standards of privacy and freedom it has long claimed are foundational rights. His reporting often reads as an understandable combination of awe and disgust. The U.S. has, it seems, slid in the direction of the kinds of authoritarian states its administration routinely criticizes. But Tau is right to clarify in the book’s epilogue that the U.S. is not, for example, China, separated from the standards of the latter by “a thin membrane of laws, norms, social capital, and — perhaps most of all — a lingering culture of discomfort” with concentrated state power. However, the preceding chapters of the book show questions about power do not fully extend into the private sector, where there has long been pride in the scale and global reach of U.S. businesses but concern about their influence. Tau’s reporting shows how U.S. privacy standards have been exported worldwide. For a more pedestrian example, consider the frequent praise–complaint sandwiches of Amazon, Meta, Starbucks, and Walmart, to throw a few names out there.

Corporate self-governance is an entirely inadequate response. Just about every data broker and intermediary from Tau’s writing which I looked up promised it was “privacy-first” or used similar language. Every business insists in marketing literature it is concerned about privacy and says it is careful about how it collects and uses information, and has been doing so for decades — yet here we are. Entire industries have been built on the backs of tissue-thin user consent and a flexible definition of “privacy”.

When polled, people say they are concerned about how corporations and the government collect and use data. Still, when lawmakers mandate choices for users about their data collection preferences, the results do not appear to show a society that cares about personal privacy.

In response to the E.U.’s General Data Protection Regulation, websites decided they wanted to continue collecting and sharing loads of data with advertisers, so they created the now-ubiquitous cookie consent sheet. The GDPR does not explicitly mandate this mechanism and many sites remain non-compliant with the rules and intention of the law, but these sheets are a particularly common form of user consent. However, if you arrive at a website and it asks you whether you are okay with it sharing your personal data with hundreds of ad tech firms, are you providing meaningful consent with a single button click? Hardly.

Similarly, something like 10–40% of iOS users agree to allow apps to track them. In the E.U., the cost of opting out of Meta’s tracking will be €6–10 per month which, I assume, few people will pay.

All of these examples illustrate how inadequately we assess cost, utility, and risk. It is tempting to think of this as a personal responsibility issue akin to cigarette smoking but, as we are so often reminded, none of this data is particularly valuable in isolation — it must be aggregated in vast amounts. It is therefore much more like an environmental problem.

As with global warming, exposé after exposé after exposé is written about how our failure to act has produced extraordinary consequences. All of the technologies powering targeted advertising have enabled grotesque and pervasive surveillance as Tau documents so thoroughly. Yet these are abstract concerns compared to a fee to use Instagram, or the prospect of reading hundreds of privacy policies with a lawyer and negotiating each of them so that one may have a smidge of control over their private information.

There are technical answers to many of these concerns, and there are also policy answers. There is no reason both should not be used.

I have become increasingly convinced the best legal solution is one which creates a framework limiting the scope of data collection, restricting it to only that which is necessary to perform user-selected tasks, and preventing mass retention of bulk data. Above all, users should not be able to choose a model that puts them in obvious future peril. Many of you probably live in a society where so much is subject to consumer choice. What I wrote sounds pretty drastic, but it is not. If anything, it is substantially less radical than the status quo that permits such expansive surveillance on the basis that we “agreed” to it.

Any such policy should also be paired with something like the Fourth Amendment is Not For Sale Act in the U.S. — similar legislation is desperately needed in Canada as well — to prevent sneaky exclusions from longstanding legal principles.

Last month, Wired reported that Near Intelligence — a data broker you can read more about in Tau’s book — was able to trace dozens of individual trips to Jeffrey Epstein’s island. That could be a powerful investigative tool. It is also very strange and pretty creepy all that information was held by some random company you probably have not heard of or thought about outside stories like these. I am obviously not defending the horrendous shit Epstein and his friends did. But it is really, really weird that Near is capable of producing this data set. When interviewed by Wired, Eva Galperin, of the Electronic Frontier Foundation, said “I just don’t know how many more of these stories we need to have in order to get strong privacy regulations.”

Exactly. Yet I have long been convinced an effective privacy bill could not be implemented in either the United States or the European Union, and certainly not with any degree of urgency. And, no, Matt Stoller: de facto rules on the backs of specific FTC decisions do not count. Real laws are needed. But the products and services which would be affected are too popular and too powerful. The E.U. is home to dozens of ad tech firms that promise full identity resolution. The U.S. would not want to destroy such an important economic sector, either.

Imagine my surprise when, while I was in the middle of writing this review, U.S. lawmakers announced the American Privacy Rights Act (PDF). If passed, it would give individuals more control over how their information — including biological identifiers — may be collected, used, and retained. Importantly, it requires data minimization by default. It would be the most comprehensive federal privacy legislation in the U.S., and it also promises various security protections and remedies, though I think lawmakers’ promise to “prevent data from being hacked or stolen” might be a smidge unrealistic.

Such rules would more-or-less match the GDPR in setting a global privacy regime that other countries would be expected to meet, since so much of the world’s data is processed in the U.S. or otherwise under U.S. legal jurisdiction. The proposed law borrows heavily from the state-level California Consumer Privacy Act, too. My worry is that it will be treated by corporations similarly to the GDPR and CCPA by continuing to offload decision-making to users while taking advantage of a deliberate imbalance of power. Still, any progress on this front is necessary.

So, too, is it useful for anyone to help us understand how corporations and governments have jointly benefitted from privacy-hostile technologies. Tau’s “Means of Control” is one such example. You should read it. It is a deep exploration of one specific angle of how data flows from consumer software to surprising recipients. You may think you know this story, but I bet you will learn something. Even if you are not a government target — I cannot imagine I am — it is a reminder that the global private surveillance industry only functions because we all participate, however unwillingly. People get tracked based on their own devices, but also those around them. That is perhaps among the most offensive conclusions of Tau’s reporting. We have all been conscripted for any government buying this data. It only works because it is everywhere and used by everybody.

For all they have erred, democracies are not authoritarian societies. Without reporting like Tau’s, we would be unable to see what our own governments are doing and — just as important — how that differs from actual police states. As Tau writes, “in China, the state wants you to know you’re being watched. In America, the success lies in the secrecy”. Well, the secret is out. We now know what is happening despite the best efforts of an industry to keep it quiet, just like we know the Earth is heating up. Both problems massively affect our lived environment. Nobody — least of all me — would seriously compare the two. But we can say the same about each of them: now we know. We have the information. Now comes the hard part: regaining control.

I was perhaps a little optimistic about Humane’s A.I. Pin. It seems like an interesting attempt at doing something a little different and outside the mainstream device space. But the early reviews have dampened any intrigue I may have had.

In its current guise, it is a solution in search of problems. It does not even have a timer function — the one thing I can count on Siri to deliver. For someone with a disability, something like this could make a lot of sense if it worked reliably and quickly, but it seems like it is too finicky.

Sherman Smith, Kansas Reflector:

Facebook’s unrefined artificial intelligence misclassified a Kansas Reflector article about climate change as a security risk, and in a cascade of failures blocked the domains of news sites that published the article, according to technology experts interviewed for this story and Facebook’s public statements.

Blake E. Reid:

The punchline of this story was, is, and remains not that Meta maliciously censored a journalist for criticizing them, but that it built a fundamentally broken service for ubiquitously intermediating global discourse at such a large scale that it can’t even cogently explain how the service works.

This was always a sufficient explanation for the Reflector situation, and one that does not require any level of deliberate censorship or conspiracy for such a small target. Yet, it seems as though many of those who boosted the narrative that Facebook blocks critical reporting cannot seem to shake that. I got the above link from Marisa Kabas, who commented:

They’re allowing shitty AI to run their multi-billion dollar platforms, which somehow knows to block content critical of them as a cybersecurity threat.

That is not an accurate summary of what has transpired, especially if you read it with the wink-and-nod tone I infer from its phrasing. There is plenty to criticize about the control Meta exercises and the way in which it moderates its platforms without resorting to nonsense.

Nicole Lipman, N+1 magazine:

But both things can be true. SHEIN might be singled out as the worst fast-fashion retailer because the United States fears and envies China and has a particular interest in denigrating its successes, and it might be singled out because it is, in fact, the worst: the greatest polluter, the most flagrant IP thief, the largest violator of human rights, and — arguably worst of all — the most profitable. SHEIN has shown the world that unsustainability pays. Together with the companies that will follow its example of ultra-fast fashion, SHEIN will accelerate the already-rapid acceleration toward global catastrophe.

Consider the volume of critical press coverage, for decades, documenting outrageous practices in any number of consumer industries — fashion, technology, whatever — and then consider how those same industries, and even the same businesses, continue to grow and thrive. We now live in a world of Shein, Temu, and Amazon, all of which are the exact opposite of the values we claim to hold, yet are hugely popular and growing. The worse they are, the more they are rewarded.

See Also: Michael Hobbes’ deep 2016 investigation, for the Huffington Post, about the “myth of the ethical shopper”.

Speaking of repairability, Samuel Gibbs reviewed, for the Guardian, the new Fairphone Fairbuds:

The Fairbuds cost £129 (€149) and are designed from the ground up to be as sustainable as possible, combining fair trade and recycled materials with replaceable parts that can be swapped in and out with a standard small screwdriver.


The earbuds have a little door hidden behind a silicone sleeve, which opens to reveal a small button battery ready to be replaced once it wears out. The design seems so simple you wonder why no one has tried it before.

Gibbs noted an audio sync issue which the company said it was working on. Otherwise, these seem to be perfectly fine true water-resistant wireless earbuds with approximately similar battery life to Apple’s AirPods Pro.

It turns out I am currently in the market for a new set of wireless earbuds. My second-generation AirPods are down to just a few minutes of usable battery charge, and I have been reluctant to buy another set because of the fixed lifespan owing to the glued-in battery. I am sure there are ways these are less good than AirPods but, for my priorities, I think these are the right trade-off. Sadly, they are not yet available in Canada.

Apple, in a press release that does not once contain either of the words “Oregon” or “regulation”:

Today Apple announced an upcoming enhancement to existing repair processes that will enable customers and independent repair providers to utilize used Apple parts in repairs. Beginning with select iPhone models this fall, the new process is designed to maintain an iPhone user’s privacy, security, and safety, while offering consumers more options, increasing product longevity, and minimizing the environmental impact of a repair. Used genuine Apple parts will now benefit from the full functionality and security afforded by the original factory calibration, just like new genuine Apple parts.

Apple goes on to say that parts calibration will soon be done on-device, and goes further to provide a genuinely good use of pairing: if parts are scavenged from iPhones with Activation Lock enabled, they will be “restricted” in some way.

This all sounds pretty great and, it would seem, entirely triggered by regulatory changes. But it also seems to me that it is designed to challenge the parts pairing section of Oregon’s right-to-repair law (PDF). Specifically, this portion:

(b) For consumer electronic equipment that is manufactured for the first time, and first sold or used in this state, after January 1, 2025, an original equipment manufacturer may not use parts pairing to:


(B) Reduce the functionality or performance of consumer electronic equipment; […]

A clause a little later in the same section does not oblige manufacturers to “make available special documentation, tools, parts or other devices or implements that would disable or override, without an owner’s authorization, anti-theft” features set by the device owner. It looks like the total meaning of the law is that Apple’s anti-theft features would be prohibited in Oregon because doing so would reduce their functionality. That is my non-lawyer reading, anyway: it creates an understandable reason for pairing, and grounds for Apple to fight it. Just a guess, but I bet this comes up later.

Supantha Mukherjee and Foo Yun Chee, Reuters:

Independent browser companies in the European Union are seeing a spike in users in the first month after EU legislation forced Alphabet’s Google, Microsoft, and Apple to make it easier for users to switch to rivals, according to data provided to Reuters by six companies.

The early results come after the EU’s sweeping Digital Markets Act, which aims to remove unfair competition, took effect on March 7, forcing big tech companies to offer mobile users the ability to select from a list of available web browsers from a “choice screen.”

I was skeptical about the efficacy of a browser ballot screen, but I guess I should not be surprised by this news. It turns out people may pick other options if you make the choice more prominent.

Via Ben Lovejoy, who covered the report for 9to5Mac but, as of publishing, has not linked to it, and writes:

Other browser companies claim that the process is convoluted, and provides no information on any of the browsers listed. They say this means iPhone users are more likely to simply pick the name they know, which is most likely to be Safari.

I have seen others suggest people may be picking third-party browsers because they are unclear about what a web browser is, or are unsure which one they want to use. I can see legitimacy in both arguments — but that is just how choice works. A lot of people buy the same brand of a product even when they have other options because it is the one they recognize; others choose based on criteria unrelated to the product itself. This is not a new phenomenon. What is fascinating to me is seeing how its application to web browsers on a smartphone is being treated as exotic.

An analogy some have turned to — including me — in describing the difference between first- and third-party apps on the iPhone is that it is something like the difference between store generic brands and national name brands. This has been misleading because users have not, in the case of competitors to first-party apps, been placed in a neutral starting position.

It has so far been a little bit like entering a store where they give you a basket of house brand products and you have to decide which third-party options you want to add or exchange to the basket. Someone needs to really care in order to make the effort. Now, because of this ballot screen, the market is a little more levelled, and it seems some users are responding.